package com.fengye.security.demo.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.authority.mapping.Attributes2GrantedAuthoritiesMapper;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;

/**
 * @Author sky
 * @Email <mailto:fengyexjtu@126.com>
 * @Date 2020/12/26 19:40
 * @Description
 */
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled=true)
// @EnableWebMvcSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private UserDetailsService userDetailsService;
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService);
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {

        http.exceptionHandling().accessDeniedPage("/403.html");
        http.logout().logoutUrl("/my_logout").logoutSuccessUrl("/").permitAll();
        http.formLogin()
                .loginPage("/my_login.html")// 登录页
                .loginProcessingUrl("/loginaa") // 登录处理的url(controller).不需要自己实现
                .defaultSuccessUrl("/home.html") //登录跳转的url
                // .failureForwardUrl("/login.html") // 失败后跳转的url
                // .successForwardUrl("/hello") // 登录成功跳转url
                // .usernameParameter("username") // 登录时的参数:用户名
                // .passwordParameter("pass") // 登录时的参数:密码
                .permitAll()
            .and()
                .authorizeRequests()
                // .antMatchers("/test").hasRole("TEST")
                // .antMatchers("/admin").hasAnyRole("ADMIN")
                // .antMatchers("/read").hasAuthority("read")
                // .antMatchers("/write").hasAnyAuthority("read,write")
                .anyRequest().authenticated()
            .and()
                .csrf().disable();

    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return PasswordEncoderFactories.createDelegatingPasswordEncoder();
    }
}
